.. /.Rtf

Phishing
Exploit
Native
Double Click

Author:

mr.d0x

Description:

RTF or Rich Text Format is a text document that allows for added rich text features such as bolding text. RTF files have been used to exploit zero day vulnerabilities and other known vulnerabilities such as CVE-2018-0802.

OS:

Windows
Mac
Linux

Recommendation:

Ensure the latest version of RTF viewer (e.g. Microsoft Word) is always installed.

Resources:

https://www.mcafee.com/blogs/other-blogs/mcafee-labs/an-inside-look-into-microsoft-rich-text-format-and-ole-exploits/
https://neil-fox.github.io/RTF-Analysis-&-Lokibot/

File Samples:

Contributions: